1. Task (p. 1)
2. DNS structure (p. 1)
3. Domain structure (p. 2)
4. Delegation (p. 2)
5. What is a zone? (p. 3)
6. Root NS (p. 3)
7. Resolver (p. 4)
8. Name server (p. 5)
8.1 Primary NS & Secondary NS (p. 5)
8.2 Caching NS and recursive queries (p. 6)
9. The zone file (p. 7)
9.1 SOA (Start of Authority) (p. 7)
9.2 Resource records (p. 8)
9.3 The @ symbol (p. 10)
10. Reverse mapping (p. 10)
11. Tools (p. 12)
12. Special features of gTLD domains (p. 13)
1. Task
The Domain Name System assigns a name (a domain) that is easy for people to remember to a number (IP) used for a machine.
2. DNS structure
The DNS is absolutely hierarchical and is thus always organised top down from the root.
3. Domain structure
In contrast to the normal convention of reading in the western world, a domain is read from right to left and can be divided by one or more . (dots) into labels containing a maximum of 63 characters each. According to RFC 2181 the maximum allowable length of a complete domain including separating dots amounts to 255 characters.
4. Delegation
One of the basic ideas behind the introduction of the DNS was to create a structure that is as decentralised, and therefore as resistant to disruptions, as possible. Most of this is achieved by passing on responsibility for domains to different name servers, which is referred to as delegation. As a result, no single name server (which would be a very easy target for attacks) is responsible for all domains; instead, responsibility for each individual domain can be delegated from each higher-level domain to other name servers following the top-down principle.
Delegating a domain to name servers that have no authoritative information on the domain is referred to as lame delegation.
5. What is a zone?
Zones can be created by delegating a domain to other name servers. A zone thus contains all information about a complete domain or certain parts of it. An example of this is the domain www.1and1.com. In this case the 1and1 subdomain lying within the com zone was delegated to the name servers ns27.1and1.com and ns28.1and1.com. The administrator of the 1and1.com zone then entered an additional www subdomain to improve accessibility to the Web server. Because this subdomain was not delegated to a new name server, but was created within the 1and1 zone, the www.1and1.com domain is created which lies in the 1and1 zone and for which ns27 and ns28.1and1.com are the authoritative name servers (see section 8).
6. Root NS
There are currently 13 root servers worldwide, all but 3 of them located in the USA:

Name                  TTL       Class  Type  Address block
A.ROOT-SERVERS.NET.   4d39m53s  IN     A     198.41.0.0/24
B.ROOT-SERVERS.NET.   4d39m53s  IN     A     128.9.0.0/16
C.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.33.4.0/24
D.ROOT-SERVERS.NET.   4d39m53s  IN     A     128.8.0.0/16
E.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.203.230.0/24
F.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.5.5.0/24
G.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.112.36.0/24
H.ROOT-SERVERS.NET.   4d39m53s  IN     A     128.63.0.0/16
I.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.36.148.0/24
J.ROOT-SERVERS.NET.   4d39m53s  IN     A     192.58.128.0/24
K.ROOT-SERVERS.NET.   4d39m53s  IN     A     193.0.14.0/24
L.ROOT-SERVERS.NET.   4d39m53s  IN     A     198.32.64.0/24
M.ROOT-SERVERS.NET.   4d39m53s  IN     A     202.12.27.0/24
A.ROOT-SERVERS.NET is given the special task of serving as the Primary Root NS, providing authoritative data for the other 12, the Secondary Root NS. The top-level domain zones .edu, .gov and .mil are currently administered on A.ROOT-SERVERS.NET. In addition, it also contains root server information for all other top-level domains delegated worldwide.
This means that for a top-level domain to be available in the worldwide DNS it must be registered in this root server, otherwise resolution cannot work. The latest entries were made during 2001, introducing the top-level domains .info, .biz, .name and .museum.
7. Resolver
A resolver is an operating system component present on every TCP/IP-compatible network computer that handles communication between different network applications such as a Web browser and the name server assigned to it.
8. Name server
In principle a difference is made between authoritative and non-authoritative behaviour of name servers. Authoritative name servers are responsible for one domain and can return a response based on locally stored domain information, while non-authoritative name servers must query an authoritative name server in order to resolve a domain query into an IP. The basic scheme for resolving an address is best described using the following illustration:
[zone file example for 1and1.com: NS, A and MX records; the record contents were not recoverable]
end zone file 1and1.com ---------------------------------------------

A distinction can be made between two types of information here: the SOA values contain information about handling the zone file itself, while all other entries, the resource records, describe particular capabilities of a domain. The most frequently used services, such as NS, A and MX, are explained individually below.
These values determine the speed at which modifications to the data in a domain are propagated worldwide. The SOA records of the higher-level (delegating) zones should always be taken into consideration when redelegating a domain to a new name server. As a result, an ordinary service provider, for example when changing the name servers of a domain below a top-level domain, has only limited influence on how long propagation takes.
begin zone file $domain ---------------------------------------------
...
        IN NS   ns                    ; this entry is automatically changed to:  IN NS ns.$domain.
or
        IN NS   212.100.100.100       ; becomes:  IN NS 212.100.100.100.$domain.
...
www                                   ; the owner name www likewise becomes www.$domain.
end zone file $domain ---------------------------------------------

To prevent this behaviour, a . must be placed at the end of the name. This is particularly important when, for example, a mail exchanger is to be entered that does not lie within the same zone.

begin zone file $domain ---------------------------------------------
...
; MX lies in the same zone
        IN MX   mx                    ; or:  IN MX mx.$domain.
; MX does not lie in the same zone
        IN MX   mx.mailexchange.com.  ; a missing dot here would result in an error:
        IN MX   mx.mailexchange.com   ; becomes  IN MX mx.mailexchange.com.$domain.
...
end zone file $domain ---------------------------------------------

A domain name that already ends in a . is referred to as a fully qualified domain name (FQDN) or fully rooted domain name.
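The origin-appending rule above, as an added example that is not part of the original document: a small zone-file name qualifier that shows which names get $domain appended and which are left alone. The origin example.com. and the zone text are constructed stand-ins for $domain.

```python
# Added example, not from the original document: a small zone-file name
# qualifier that reproduces the $ORIGIN appending rule described above.
# The origin and the zone text are constructed stand-ins for $domain.
ORIGIN = "example.com."          # $domain; an origin always ends in a dot
NAME_RDATA = {"NS", "PTR", "CNAME"}   # types whose RDATA is a single name

ZONE = """\
@     IN NS   ns                       ; -> ns.example.com.
      IN NS   ns2.example.net.         ; already an FQDN, left alone
      IN NS   212.100.100.100          ; an IP is still a name: 212.100.100.100.example.com.
      IN MX   10 mx                    ; -> mx.example.com.
      IN MX   20 mx.mailexchange.com.  ; correct: trailing dot, foreign zone kept
      IN MX   30 mx.mailexchange.com   ; missing dot: mx.mailexchange.com.example.com.
www   IN A    192.0.2.10               ; address RDATA is never touched
"""

def qualify(name, origin):
    """'@' is the origin, a name ending in '.' is left alone, anything else
    (even something that looks like an IP address) gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"

def expand_zone(zone_text, origin):
    """Parse 'owner IN TYPE rdata' lines and return (owner, type, rdata)
    tuples with every name qualified. A line starting with whitespace has no
    owner field and repeats the previous owner, as in a real zone file."""
    records, owner = [], origin
    for line in zone_text.splitlines():
        body = line.split(";", 1)[0].rstrip()        # strip comments
        if not body.strip():
            continue
        fields = body.split()
        if not body[0].isspace():
            owner = qualify(fields.pop(0), origin)
        if fields[0] != "IN":
            raise ValueError(f"unsupported record: {line!r}")
        rtype, rdata = fields[1], fields[2:]
        if rtype == "MX":                             # preference, exchange
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype in NAME_RDATA:
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records
```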
[zone file example for the @ symbol (section 9.3): NS, A and MX records with the owner names www, ftp and @; the record contents were not recoverable]
Forward mapping and reverse mapping are entries that are completely separated from each other, are not mutually dependent and also don't have to be consistent. It is thus entirely possible for a forward lookup to return an IP that would not necessarily have the originating domain as the result of a reverse lookup. Above all, it should be noted that the name server responsible for the forward entry and the one responsible for the reverse entry do not have to be the same, because the two identifiers are delegated by independent institutions. For a domain this is the respective registry for the top-level domain (.com: Verisign, .info: Afilias), whereas the responsibility for an IP, at least in North America, lies with ARIN (American Registry for Internet Numbers). There is a special resource record not yet mentioned that is used to map this type of domain on a name server, the pointer record:

$in-addr.arpa IN PTR $domain.

This entry is used to resolve a normal domain from an IN-ADDR.ARPA domain.
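Reverse mapping as an added example that is not part of the original document: building the IN-ADDR.ARPA owner name of the PTR record for an IPv4 address, and checking whether the PTR answer is confirmed by the forward (A) data, since the two zones are maintained independently and need not agree. The A and PTR tables are constructed stand-ins for what the respective authoritative name servers would return.

```python
# Added example, not from the original document: builds the IN-ADDR.ARPA
# owner name for an IPv4 address and checks whether the PTR answer is
# confirmed by the forward (A) data, since the text notes the two zones are
# independent and need not agree. A_RECORDS and PTR_RECORDS are constructed.
import ipaddress

# constructed forward zone data (example.com.) ...
A_RECORDS = {
    "www.example.com.":  ["192.0.2.10"],
    "mail.example.com.": ["192.0.2.25"],
    "old.example.com.":  ["192.0.2.99"],
}
# ... and constructed reverse zone data (2.0.192.in-addr.arpa.), maintained
# by whoever holds the address block, not by the domain's registrant
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa.": "www.example.com.",
    "25.2.0.192.in-addr.arpa.": "mx.example.net.",   # points into another domain
    # 192.0.2.99 has no PTR record at all
}

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed,
    under in-addr.arpa, written as an FQDN (with the trailing dot)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # also validates ip
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def check_reverse(ip, a_records, ptr_records):
    """Classify the reverse mapping of an address as
    ('confirmed', target)  PTR target has an A record containing ip
    ('mismatch', target)   PTR exists but does not map back to ip
    ('missing', None)      no PTR record for ip"""
    target = ptr_records.get(reverse_name(ip))
    if target is None:
        return "missing", None
    if ip in a_records.get(target, []):
        return "confirmed", target
    return "mismatch", target
```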
11. Tools
There are many tools that can be used to take a close look at the configuration of a zone. They make it possible to query the data contained in a zone file (just as a name server does) in order to test the response behaviour of the queried NS. Most of these programs can be obtained as freeware or shareware from the Internet or are already installed on network-capable systems. The most popular programs of this kind are currently:

Unix     Dig         http://fsck.ch/projects/dns/theory/man_dig.php
Unix     Host        http://fsck.ch/projects/dns/theory/man_host.php
Unix     Nslookup    http://fsck.ch/projects/dns/theory/man_nslookup.php
Windows  Nslookup    http://www.trumphurst.com/dnsocx/nslookup.phtml
Windows  Cyberkit    http://www.cyberkit.net
Mac      DNS Lookup  http://www.macosarchives.com/dns_tools.html
Mac      Whatroute?  http://www.mac.org/internet/whatroute/
These programs provide a graphical user interface or, in the case of dig, require the use of the command line.